论文信息 - Enhancing Mobile Malware Detection with Social Collaboration

Enhancing Mobile Malware Detection with Social Collaboration

Resource-constrained mobile devices pose a challenge to the design of security mechanisms. Existing host-based malware detection solutions are often resource-intensive. We present a decentralized and resource-aware malware detection architecture for mobile devices. Our approach leverages two key ideas: social collaboration and the concept of a hot set. The hot set concept states that not all malware signatures are equally important. At any given time, some signatures (the hot set) are more likely to be matched than the others. We leverage this concept by only keeping the hot set of signatures in the main memory of a mobile device, and distributing the whole signature database among devices belonging to the social group of the device owner. We demonstrate the feasibility of our approach by implementing a proof-of-concept (Social-AV) based on an open source anti-malware software, Clam AV. Experiments show that Social-AV reduces the memory consumption to about 55% of the amount consumed by Clam AV, while retaining the same detection capability.

[1] Pei Cao,et al. Hash-AV: fast virus signature scanning by cache-resident filters , 2005, GLOBECOM.

[2] Farnam Jahanian,et al. When mobile is harder than fixed (and vice versa): demystifying security challenges in mobile environments , 2010, HotMobile '10.

[3] Burton H. Bloom,et al. Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[4] Pei Cao,et al. Hash-AV: fast virus signature scanning by cache-resident filters , 2005, GLOBECOM '05. IEEE Global Telecommunications Conference, 2005..

[5] Songwu Lu,et al. SmartSiren: virus detection and alert for smartphones , 2007, MobiSys '07.

[6] Thomas F. La Porta,et al. On cellular botnets: measuring the impact of malicious devices on a cellular network core , 2009, CCS.

[7] Jason Flinn,et al. Virtualized in-cloud security services for mobile devices , 2008, MobiVirt '08.

[8] Herbert Bos,et al. Paranoid Android: versatile protection for smartphones , 2010, ACSAC '10.

[9] Vinayak S. Naik,et al. SMSAssassin: crowdsourcing driven mobile-based system for SMS spam filtering , 2011, HotMobile '11.

[10] Thomas F. La Porta,et al. Exploiting open functionality in SMS-capable cellular networks , 2005, CCS '05.

[11] Michael D. Smith,et al. Rapid detection of botnets through collaborative networks of peers , 2007 .

[12] David Brumley,et al. SplitScreen: Enabling efficient, distributed malware detection , 2010, Journal of Communications and Networks.